mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 781126 - Part 1 - Browser content policy should check TYPE_OBJECT at shouldProcess rather than shouldLoad. r=jst
This commit is contained in:
parent
c7f6fcbf8b
commit
e4cf564242
@ -22,27 +22,30 @@ nsWebBrowserContentPolicy::~nsWebBrowserContentPolicy()
|
||||
|
||||
NS_IMPL_ISUPPORTS1(nsWebBrowserContentPolicy, nsIContentPolicy)
|
||||
|
||||
static nsresult
|
||||
PerformPolicyCheck(PRUint32 contentType,
|
||||
nsISupports *requestingContext,
|
||||
PRInt16 *decision)
|
||||
NS_IMETHODIMP
|
||||
nsWebBrowserContentPolicy::ShouldLoad(PRUint32 contentType,
|
||||
nsIURI *contentLocation,
|
||||
nsIURI *requestingLocation,
|
||||
nsISupports *requestingContext,
|
||||
const nsACString &mimeGuess,
|
||||
nsISupports *extra,
|
||||
nsIPrincipal *requestPrincipal,
|
||||
PRInt16 *shouldLoad)
|
||||
{
|
||||
NS_PRECONDITION(decision, "Null out param");
|
||||
NS_PRECONDITION(shouldLoad, "Null out param");
|
||||
|
||||
*decision = nsIContentPolicy::ACCEPT;
|
||||
*shouldLoad = nsIContentPolicy::ACCEPT;
|
||||
|
||||
nsIDocShell *shell = NS_CP_GetDocShellFromContext(requestingContext);
|
||||
/* We're going to dereference shell, so make sure it isn't null */
|
||||
if (!shell)
|
||||
if (!shell) {
|
||||
return NS_OK;
|
||||
|
||||
}
|
||||
|
||||
nsresult rv;
|
||||
bool allowed = true;
|
||||
|
||||
switch (contentType) {
|
||||
case nsIContentPolicy::TYPE_OBJECT:
|
||||
rv = shell->GetAllowPlugins(&allowed);
|
||||
break;
|
||||
case nsIContentPolicy::TYPE_SCRIPT:
|
||||
rv = shell->GetAllowJavascript(&allowed);
|
||||
break;
|
||||
@ -63,24 +66,11 @@ PerformPolicyCheck(PRUint32 contentType,
|
||||
}
|
||||
|
||||
if (NS_SUCCEEDED(rv) && !allowed) {
|
||||
*decision = nsIContentPolicy::REJECT_TYPE;
|
||||
*shouldLoad = nsIContentPolicy::REJECT_TYPE;
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsWebBrowserContentPolicy::ShouldLoad(PRUint32 contentType,
|
||||
nsIURI *contentLocation,
|
||||
nsIURI *requestingLocation,
|
||||
nsISupports *requestingContext,
|
||||
const nsACString &mimeGuess,
|
||||
nsISupports *extra,
|
||||
nsIPrincipal *requestPrincipal,
|
||||
PRInt16 *shouldLoad)
|
||||
{
|
||||
return PerformPolicyCheck(contentType, requestingContext, shouldLoad);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsWebBrowserContentPolicy::ShouldProcess(PRUint32 contentType,
|
||||
nsIURI *contentLocation,
|
||||
@ -91,8 +81,22 @@ nsWebBrowserContentPolicy::ShouldProcess(PRUint32 contentType,
|
||||
nsIPrincipal *requestPrincipal,
|
||||
PRInt16 *shouldProcess)
|
||||
{
|
||||
NS_PRECONDITION(shouldProcess, "Null out param");
|
||||
|
||||
*shouldProcess = nsIContentPolicy::ACCEPT;
|
||||
|
||||
// Object tags will always open channels with TYPE_OBJECT, but may end up
|
||||
// loading with TYPE_IMAGE or TYPE_DOCUMENT as their final type, so we block
|
||||
// actual-plugins at the process stage
|
||||
if (contentType != nsIContentPolicy::TYPE_OBJECT) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsIDocShell *shell = NS_CP_GetDocShellFromContext(requestingContext);
|
||||
bool allowed;
|
||||
if (shell && (NS_FAILED(shell->GetAllowPlugins(&allowed)) || !allowed)) {
|
||||
*shouldProcess = nsIContentPolicy::REJECT_TYPE;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
//LATER:
|
||||
// return PerformPolicyCheck(contentType, requestingContext, shouldProcess);
|
||||
}
|
||||
|
@ -142,6 +142,11 @@ nsContentBlocker::ShouldLoad(PRUint32 aContentType,
|
||||
if (!aContentLocation)
|
||||
return NS_OK;
|
||||
|
||||
// The final type of an object tag may mutate before it reaches
|
||||
// shouldProcess, so we cannot make any sane blocking decisions here
|
||||
if (aContentType == nsIContentPolicy::TYPE_OBJECT)
|
||||
return NS_OK;
|
||||
|
||||
// we only want to check http, https, ftp
|
||||
// for chrome:// and resources and others, no need to check.
|
||||
nsCAutoString scheme;
|
||||
@ -162,40 +167,8 @@ nsContentBlocker::ShouldLoad(PRUint32 aContentType,
|
||||
*aDecision = nsIContentPolicy::REJECT_SERVER;
|
||||
}
|
||||
}
|
||||
if (aContentType != nsIContentPolicy::TYPE_OBJECT || aMimeGuess.IsEmpty())
|
||||
return NS_OK;
|
||||
|
||||
// For TYPE_OBJECT we should check what aMimeGuess might tell us
|
||||
// about what sort of object it is.
|
||||
nsCOMPtr<nsIObjectLoadingContent> objectLoader =
|
||||
do_QueryInterface(aRequestingContext);
|
||||
if (!objectLoader)
|
||||
return NS_OK;
|
||||
|
||||
PRUint32 contentType;
|
||||
rv = objectLoader->GetContentTypeForMIMEType(aMimeGuess, &contentType);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
switch (contentType) {
|
||||
case nsIObjectLoadingContent::TYPE_IMAGE:
|
||||
aContentType = nsIContentPolicy::TYPE_IMAGE;
|
||||
break;
|
||||
case nsIObjectLoadingContent::TYPE_DOCUMENT:
|
||||
aContentType = nsIContentPolicy::TYPE_SUBDOCUMENT;
|
||||
break;
|
||||
default:
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_ASSERTION(aContentType != nsIContentPolicy::TYPE_OBJECT,
|
||||
"Shouldn't happen. Infinite loops are bad!");
|
||||
|
||||
// Found a type that tells us more about what we're loading. Try
|
||||
// the permissions check again!
|
||||
return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
|
||||
aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
|
||||
aDecision);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
@ -223,8 +196,31 @@ nsContentBlocker::ShouldProcess(PRUint32 aContentType,
|
||||
}
|
||||
}
|
||||
|
||||
// This isn't a load from chrome. Just do a ShouldLoad() check --
|
||||
// we want the same answer here
|
||||
// For objects, we only check policy in shouldProcess, as the final type isn't
|
||||
// determined until the channel is open -- We don't want to block images in
|
||||
// object tags because plugins are disallowed.
|
||||
// NOTE that this bypasses the aContentLocation checks in ShouldLoad - this is
|
||||
// intentional, as aContentLocation may be null for plugins that load by type
|
||||
// (e.g. java)
|
||||
if (aContentType == nsIContentPolicy::TYPE_OBJECT) {
|
||||
*aDecision = nsIContentPolicy::ACCEPT;
|
||||
|
||||
bool shouldLoad, fromPrefs;
|
||||
nsresult rv = TestPermission(aContentLocation, aRequestingLocation,
|
||||
aContentType, &shouldLoad, &fromPrefs);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
if (!shouldLoad) {
|
||||
if (fromPrefs) {
|
||||
*aDecision = nsIContentPolicy::REJECT_TYPE;
|
||||
} else {
|
||||
*aDecision = nsIContentPolicy::REJECT_SERVER;
|
||||
}
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// This isn't a load from chrome or an object tag - Just do a ShouldLoad()
|
||||
// check -- we want the same answer here
|
||||
return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
|
||||
aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
|
||||
aDecision);
|
||||
|
Loading…
Reference in New Issue
Block a user